Month: January 2017

Google has a great security team, so it’s something of a head-scratcher when they misfire. Or should we be wondering if the Chrome user interface crew had enough coffee lately?

Either way, Google Chrome users have been contacting me wondering why they no longer could access the detailed status of Chrome https: connections, or view the organization and other data associated with SSL certificates for those connections.

Up to now for the stable version of Chrome, you simply clicked the little green padlock icon on an https: connection, clicked on the “Details” link that appeared, and a panel then opened that gave you that status, along with an obvious button to click for viewing the actual certificate data such as Organization, issuance and expiration dates, etc.

Suddenly, that “Details” link no longer is present. Seemingly, Google just doesn’t feel that “ordinary” users need to look at that data these days.

I beg to differ. I’ve frequently trained “ordinary” users to check that information when they question the authenticity of an https: connection — after all, crooks can get SSL certificates too, so verifying the certificate issuance-related data often makes sense.

Well, it turns out that you can still get this information from Chrome, but apparently Google now assumes that folks are so clairvoyant that they can figure out how to do this through the process of osmosis — or something.

The full certificate data is available from the “Developers tools” panel under the “Security” label. In fact, that’s where this info has been for quite some time, but since the now missing “Details” link took you directly to that panel, most users probably didn’t even realize that they were deep in the Developers tools section of the browser.

To get the certificate data now, here’s what you need to do.

First, get into Developer tools. You can do this via Chrome’s upper-right three vertical dots, then click “More tools” — then “Developer tools” — or on many systems you can just press the F12 button.

But wait, there’s still more (yeah, Google took a simple click in an intuitive place and replaced it with a bunch of clicks scattered around).

Once the panel opens, look up at its top. If you don’t see the word “Security” already, click on the “>>” to the right of “Console” — then look down the list that appears and click on “Security” — which will open the Security panel with all of the certificate-related goodies. When you’re done there, click the big “X” in the upper right of the panel to return to normal browser operations.

And don’t feel too badly if you didn’t figure all of this out for yourself. Even Houdini might have had problems with this one.

I hate writing blog posts like this. I really do. I’m a big fan of Google. They’ve got many of the most skilled and caring employees in tech. Unfortunately, they’re not immune to being caught up in abysmal industry trends, so I’m forced to write another “Here we go again …” piece. Sigh.

I’ve been using Google Voice since pretty much the day it launched. Over the years since then I’ve come to depend upon it for both my personal and business phone calls inbound and outbound. Google Voice has been extremely functional, utterly reliable, and godsend for people like me who must deal with complex mixes of cellular and landline phones, lots of inbound spam calls to burn, and need this level of call management to help free up the time necessary for making inflammatory Google+ posts. That Google Voice is free for all domestic calls is a bonus, but I’d willingly pay reasonable fees to use it.

The Google Voice (henceforth “GV”) desktop/web interface has been very stable for something like five years now. In one sense that’s a good thing. It works well, it accomplishes its purpose. Excellent.

On the other hand, if you know Google, you know that when one of their products doesn’t seem to be updated much, it might be time to start being afraid. Very afraid. Because Google products that seem “too” stable may be on the path to decimation and death.

Let’s face it, an ongoing problem in the Internet world is that skilled software engineers by and large aren’t enthusiastic about maintaining what are seen to be “old” products. It’s not considered conducive to climbing the promotion ladder at most firms — the “sexy” new stuff is where the bigger bucks are perceived to reside.

So as desktop GV continued along its stable path, many observers began to wonder if Google was preparing to pull its plug. I’ve had those concerns too, though somewhat mitigated by the fact that Google has been integrating aspects of GV into some of their other newer products, which suggested that GV still had significant life ahead.

This was confirmed recently when word started to circulate of a new version (“refresh” is another term used for this) of GV that was soon to roll out to users. Google eventually confirmed this. Indeed, it’s rolling out right now.

And for desktop users at least, it’s a nightmare. A nightmare that in fact I was expecting. I had hoped I’d be wrong. Unfortunately, I was correct.

I probably don’t even really need to describe the details, because you’ve likely seen this happen to other Google products of late (including recently Google Wallet, though the impact of GV is orders of magnitude worse for users who need to interact with GV frequently throughout the day).

Once again, Google is on the march to treat large desktop displays as if they were small smartphone screens.

Legacy GV made excellent use of screen space — making it easy to see all call details, full voicemail transcriptions, and everything else you needed — all in clear and easy to read fonts.

The new GV is another wasted space, low contrast slap in the face of desktop users, especially those with less than perfect vision (whether due to naturally aging eyes or any other reason).

Massive amounts of unused white space. Call histories squished into a little smartphone style column (no way to increase its size that I could find so far), causing visible voicemail transcriptions to be truncated to just a few words. Plus we’re “treated” to the new Google standard low contrast “if you don’t have perfect vision we don’t care about you” fonts, that disrupt the entire user interface when you try to zoom them up.

And so on. Need I say more? You already know the drill.

There is one saving grace in the new desktop GV. For the moment, there’s a link that takes you back to legacy GV. In fact, after reverting one of my accounts that way, I didn’t even see an obvious way to get back to the new GV interface. In any case, we can safely assume that the legacy access is only temporary.

Compared to legacy desktop GV that worked great, the new GV is another painful sign that Google just doesn’t care about users who don’t live 100% of the time on smartphones and/or have perfect vision. Yet this maligned demographic is rapidly growing in size.

It’s increasingly difficult to not consider the end results of these changes in Google products to be a form of discrimination. I don’t believe that they’re actually intended as discrimination — but the outcomes are the same irrespective of motives. And frankly, my view is that in the long run this is a very dangerous and potentially self-destructive path for Google to be taking.

Nobody would demand that innovation and product improvements must stop. But we are far beyond the point where we should have come to the realization that “one size fits all” user interfaces are simply no longer tenable in these environments, unless you’re willing to simply write off large numbers of users who may not be in your primary target demographic, but still represent many millions of human beings who depend upon you.

Ignoring the needs of these users is not right. It’s not fair. It’s not ethical.

I act as the volunteer support structure for a significant number of nontechnical — but quite active — Internet users. Some of these are quite elderly, which makes me quite sensitive to where Internet firms are falling down on the job in this context.

Let’s face it, these firms may pay lip service to accessibility and serving all segments of their users, but in reality they typically tend to care very little about users who aren’t in their key sales demographics, and who (while often numbering in the millions or more) aren’t considered to be their “primary” users of interest.

We see this problem across a number of aspects (I’ve in the past frequently noted the problems of illegible fonts and poor user interface designs, as my regular readers well know).

But today I’d like to focus on just one, where Google really needs to more aggressively protect their users from some of the most dangerous criminals on the Internet.

I’m referring to the ubiquitous “tech support” scams (often based in India) that terrify users by appearing on their browsers — often the result of a contaminated site link, a “cold” phone call, or very often a mistyped URL — who then falsely claim that the user’s computer is infected with malware or somehow broken, that you must click HERE for a fix, or you must immediately call THIS 800 number, and BLAH BLAH BLAH.

The vast majority of these follow a common pattern, usually claiming to be a legit tech support firm or often Microsoft itself.

Once users are pushed into contacting the scammers — who typically focus on Windows computers — the usual pattern is for them to walk the unsuspecting user through the installation of a remote access program, so that the scammer has free reign to suck the user’s credit card and bank accounts dry via a variety of crooked procedures. Their methods are typically tuned especially well to take advantage of elderly, nontechnical users.

It’s not Google’s fault that these criminals exist. However, given Google’s excellent record at detection and blocking of malware, it is beyond puzzling why Google’s Chrome browser is so ineffective at blocking or even warning about these horrific tech support scams when they hit a user’s browser.

These scam pages should not require massive AI power for Google to target.

And critically, it’s difficult to understand why Chrome still permits most of these crooked pages to completely lock up the user’s browser — often making it impossible for the user to close the related tab or browser through most ordinary means that most users could reasonably be expected to know about.

The simplest cure to offer in these situations (especially when you’re trying to help someone on the other side of the country over the phone) is to tell them to reboot (if the user isn’t already so flustered that they’re having trouble doing that) or to power cycle the computer completely (with the non-zero risk of disk issues that can result from sudden shutdowns).

Even after that, users need to know that they must refuse Chrome’s “helpful” offer of restoring the old tabs after the reset — otherwise they can easily find themselves locked into the offending page yet again!

Chrome is now the world’s most popular browser, and Google’s Chrome team is top-notch. I am confident that they could relatively quickly solve these problems, if they deemed it a priority to do so.

For the sake of helping to protect their users from support scams — even though these users are often in demographic categories that Google doesn’t seem to really care that much about — I urge Google to take immediate steps to make it much more difficult for the tech support criminals to leverage the excellent Chrome browser for evil purposes.

–Lauren–

The correct term is “Internet” NOT “internet” — please don’t fall into the trap of using the latter. It’s just plain wrong!

Frostbite Falls, Minn. (NOTAP) In a brief announcement today that stunned Internet users around the world, the Internet Engineering Technical Force proclaimed the need for an “emergency” transition to a yet to be designed “IP version 7” protocol, capable of dealing with numeric values up to “a full gazillion at a minimum.”

IETF spokesman David Seville explained why this drastic move was considered necessarily when the ongoing transition from IPv4 to Internet protocol level IPv6 — the latter with a vast numbering capability — is still far from complete.

“Frankly, we’re just trying to get ahead of the curve, for once in the technology field,” said Mr. Seville. “With the dramatic rise in the number of hate speech and fake news sites around the world — not only originating in the Soviet Uni … I mean, Russia — we can’t risk running out of numbering resources ever again! Everyone deserves to be able to get these numbers, no matter how vile, racist, and sociopathic they may be. We’re already getting complaints regarding software systems that have overflowed available variable ranges simply trying to keep track of Donald Trump’s lies.”

Asked how the IETF planned to finance their outreach regarding this effort, Seville suggested that they were considering buying major ad network impressions on racist fake news sites like Breitbart, where “the most gullible Internet users tend to hang out. If anyone will believe the nonsense we’re peddling, they will!”

In answer to a question regarding the timing of this proposed transition, Seville noted that the IETF planned to follow the GOP’s healthcare leadership style. “We feel that IPv4 and IPv6 should be immediately repealed, and then we can come up with the IPv7 replacement later.” When asked if this might be disruptive to the communications of Internet users around the world, Mr. Seville chuckled “You’re catching on.”

David Seville can be reached directly for more information at his voice phone number: +7 (495) 697-0349.

– – –

–Lauren–

I have consulted to Google, but I am not currently doing so — my opinions expressed here are mine alone. – – – The correct term is “Internet” NOT “internet” — please don’t fall into the trap of using the latter. It’s just plain wrong!

Here is my mock-up of one way to label fake news on Google Search Results Pages, in the style of the Google malware site warnings. The warning label link would go to a help page explaining the methodology of the labeling.

I have consulted to Google, but I am not currently doing so — my opinions expressed here are mine alone.– – –The correct term is “Internet” NOT “internet” — please don’t fall into the trap of using the latter. It’s just plain wrong!